CVE-2015-4165 Information

Description

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them is accessible by the attacker and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from allows remote authenticated users to write to and create arbitrary snapshot metadata files and potentially execute arbitrary code.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html http://www.securityfocus.com/archive/1/535727/100/0/threaded http://www.securityfocus.com/archive/1/536855/100/0/threaded http://www.securityfocus.com/bid/75113 https://bugzilla.redhat.com/show_bug.cgi?id=1230761 https://www.elastic.co/community/security/

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5